IRIS

Microsoft will release their patches for the month on July 12th, 2005. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, July 13th, from 3:00 – 5:00pm.

Security Advisory (903144) June 30th, 2005
Title: A COM Object (javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit. See http://go.microsoft.com/fwlink/?LinkId=49999 for more information.

Security Advisory (891861) June 28th, 2005
Title: Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4) The Update Rollup contains all security updates produced for Windows 2000 between the time SP4 was released and April 30, 2005, the time when the contents of the Update Rollup were locked down for final testing by Microsoft.
See http://go.microsoft.com/fwlink/?LinkId=49772 for more information.

For those that are interested in using the VPN service, please download the software from \\winsww\sww\public\vpnclient\vpn403f.

Once you install, you will have several pre-set profiles to choose from, “UCB-split”, and “EECS” among them.

To install, copy the vpn403f directory to your local drive and run setup.exe, then reboot the system. After reboot, go to C:\Program Files\Cisco Systems\VPN Client and launch the vpngui.exe to open the VPN Client window. In the VPN Client window, highlight the connection entry you wish to use. You can set this as the default connection entry from the “Connection Entries” pull-down. Click “connect” and use the appropriate authentication credentials for the profile.

If you have a Calnet ID, we strongly recommend that for now you use the “UCB-split” profile. This will get you an UCB IP address. This service is in production and supported by the campus (http://www.net.berkeley.edu/vpn).

If you select the “EECS” profile, you will need to use your EECS Windows account and password to authenticate. Once connected, you will get an EECS IP address, and will be treated as if you are on the EECS network. However, we know certain subset of EECS users with accounts migrated from old NT domains will NOT work correctly all the time. If you encountered problems logging in, please switch back to the “UCB-Split” connection. There are many technical difficulties in setting the EECS service up, so once we have a better solution, we will let everyone know.

Please note that the campus (and EECS) vpn service will NOT work while you are physically on campus.

For those users that use non-Windows platform, you can download the campus VPN software directly from http://www.net.berkeley.edu/vpn. These will not have the EECS profile, and once we have tested them, we will make them available on our local software distribution.

For more information, please see the
VPN FAQ page.

We are pleased to announce the deployment of the new 802.11a wireless service in EECS. 11a offers a much higher link speed (54mb as opposed to 11mb for 802.11b), less interferences, and the possibility of stronger encryption.

For the first phase, we will deploy a non-encrypted 802.11a service. If you have a 802.11a wireless interface, you should be able to connect to “EECS-11a” SSID (there is no other keys required, but your system has to be registered in the EECS wireless network). The service will now require users to authenticate prior to routing. Once you start your browser (please be sure that javascript is turned on), it should redirect you to the authentication page. Use your EECS LDAP username and password for authentication. The lease will expire after a certain period of inactivity, so one can always reconnect to https://1.1.1.1/login.html to re-authenticate. Please note that you should only accept the certificate for the current session when you use the https://1.1.1.1/login.html to reauthenticate. Do not accept the certificate “forever” or you might encounter problems when you roam around EECS. Due to caching problems with firefox, you might be receiving an error about certificates. Please use another browser to authenticate before using firefox.

We have tested only a limited number of 802.11a devices, so it is possible that your 802.11a network device is not fully supported.

Due to limited staffing, we regret to say that we might not be able to get to your specific device immediately.

We know IBM and Dell laptops with built-in 802.11a work, as well as Avaya 802.11a cards (you must install the driver for this).

If you have problem using 802.11a, please let us know what kind of configuration you have. 802.11b service remains your best alternative.

EECS guest wireless will stay on 802.11b.

As of March, 2005, EECS has implemented a measure to block all INCOMING www/telnet/ftp/smtp traffic into EECS, except for those systems pre-registered (see this previous IRIS News item).

In order to further comply with the campus
“minimum security standards” policy ,
effective July 1, 2005, any EECS system that currently supports unauthenticated email relaying or unencrypted telnet/ftp/rsh access will be subject to immediate removal from the EECS network until an acceptable remediation plan is obtained.

Thank you for your cooperation.

The multi-user Solaris machine argus has been shutdown due to an unpatchable local root exploit.

IDSG currently has a trouble call in to Sun to address this problem and will bring argus up as soon as the problem is resolved/mitigated.

[Read more…] about Argus Shutdown

Microsoft has released Microsoft Security Advisory (902333) stating that browser windows, without indications of their origins, may be used in phishing attempts.

For more information please see:
http://go.microsoft.com/fwlink/?LinkId=49437

You may have noticed problems during or immediately after the recent IMAP server upgrade. Some unanticipated migration problems occurred that may have caused some lost or delayed mail.

We currently believe that this is limited to mail that arrived between approximately 7am and 10am on Saturday, June 4. If you believe you’ve lost additional mail that arrived either before or after the morning of Saturday, June 4 or if you are still having issues related to the upgrade, please contact idsg@eecs.

We believe that all the problems have now been resolved and sincerely apologize for this inconvenience.

HERMES, the EECS Windows general login server is being configured with
quotas on Wednesday, June 29th.

The quota limit will be 500MB and will apply to C:\Documents and Settings\user.

This is the default users profile location and the only directory users can write to on HERMES.

When a user profile reaches 250MB a reminder will be sent to the user
that the profiles is approaching the 500MB limit.

When a user reaches the 500MB limit, no more data storage will be allowed. This is a fixed quota.

IDSG recommends users save files in their home directories and not on
the local C:\ drive of HERMES as HERMES is not being backed up.

In the event of data loss, no restoration effort will be made.

[Read more…] about HERMES Quota

Microsoft has released security patches as of Tuesday, June 14th 2005. The security bulletin is available at http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies http://socrates.berkeley.edu:2002/MinStds/.

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins

---

Microsoft Security Bulletin MS05-025
– Cumulative Security Update for Internet Explorer (883939)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Originally posted: June 14, 2005
Updated: June 15, 2005
Version: 1.1
Affected software:
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-026
– Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-027
– Vulnerability in SMB Could Allow Remote Code Execution (896422)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Important Security Bulletins

---

Microsoft Security Bulletin MS05-028
– Vulnerability in Web Client Service May Allow Elevation of Privilege (896426)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Windows XP Service Pack 1
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems

Microsoft Security Bulletin MS05-029
– Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected software:
Exchange Server 5.5 Service Pack 4

Microsoft Security Bulletin MS05-030
– Cumulative Security Update in Outlook Express (897715)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected Software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows Server 2003
Windows Server 2003 for Itanium-based Systems

Microsoft Security Bulletin MS05-031
– Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)
– Impact: Remote Code Execution
– US-CERT is not currently aware of any exploits for this vulnerability.
Originally posted: June 14, 2005
Updated: June 15, 2005
Version: 1.1
Affected Software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Moderate Security Bulletins

---

Microsoft Security Bulletin MS05-032
– Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
– Impact: Spoofing
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected Software:
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Windows XP 64-Bit Edition Version 2003 (Itanium)
Windows XP Professional x64 Edition
Windows Server 2003
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 x64 Edition

Microsoft Security Bulletin MS05-033
– Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
– Impact: Information Disclosure
– US-CERT is not currently aware of any exploits for this vulnerability.
Originally posted: June 14, 2005
Updated: June 15, 2005
Version: 1.1
Affected Software:
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
When running on Windows 2000:
Microsoft Windows Services for UNIX 3.5
Microsoft Windows Services for UNIX 3.0
Microsoft Windows Services for UNIX 2.2

Microsoft Security Bulletin MS05-034
– Cumulative Security Update for ISA Server 2000 (899753)
– Impact of Vulnerability: Elevation of Privilege
– US-CERT is not currently aware of any exploits for this vulnerability.
Affected Software:
Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2
Microsoft Small Business Server 2000
Microsoft Small Business Server 2003 Premium Edition
[Read more…] about Microsoft Security Bulletin Summary for June